[sf-perl] [jobs] Job opening for Senior Perl Programmer at WebCDR.com

Dana Diederich diederich at gmail.com
Fri Jan 3 10:07:05 PST 2014


Totally agree.

For reference, here's the relevant PCI DSS (version 2) text:

Requirement:
12.7 Screen potential personnel prior to
hire to minimize the risk of attacks from
internal sources. (Examples of
background checks include previous
employment history, criminal record,
credit history, and reference checks.)
Note: For those potential personnel to
be hired for certain positions such as
store cashiers who only have access to
one card number at a time when
facilitating a transaction, this requirement
is a recommendation only.

Testing Procedures:
12.7 Inquire with Human Resource department management and
verify that background checks are conducted (within the constraints
of local laws) on potential personnel prior to hire who will have
access to cardholder data or the cardholder data environment.



Cheers,
-Dana



On Fri, Jan 3, 2014 at 10:02 AM, Uri Guttman <uri at stemsystems.com> wrote:

> On 01/03/2014 12:31 PM, Dana Diederich wrote:
>
>> I suspect PCI certification comes into play as well.  'devops' people hold
>> the keys to the kingdom, and PCI/DSS has specific language about people
>> who
>> have such high-level access having to pass background checks.
>>
>> It's one of those things that seems like a good idea on the surface, but
>> is
>> in reality not such a good thing in most cases.
>>
>
> a background criminal check is one thing and i understand it. a credit
> check is a very different animal and i don't see how it can make a
> difference. the worst case i see is someone in massive debt taking a job
> where he could embezzle money or sell stuff to nasty people. well, that
> means your internal security is bad anyway.
>
>
> uri
>
> --
> Uri Guttman - The Perl Hunter
> The Best Perl Jobs, The Best Perl Hackers
> http://PerlHunter.com
> _______________________________________________
> SanFrancisco-pm mailing list
> SanFrancisco-pm at pm.org
> http://mail.pm.org/mailman/listinfo/sanfrancisco-pm
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.pm.org/pipermail/sanfrancisco-pm/attachments/20140103/88b9440e/attachment.html>


More information about the SanFrancisco-pm mailing list